Vulnerability Description
The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iid | Rbb Speed Test | - |
| Android | <= 2.0.3 | |
| Apple | Iphone Os | <= 2.1 |
Related Weaknesses (CWE)
References
- http://www.iid.co.jp/information/170714.htmlBroken LinkThird Party Advisory
- https://jvn.jp/en/jp/JVN24238648/index.htmlThird Party AdvisoryVDB Entry
- http://www.iid.co.jp/information/170714.htmlBroken LinkThird Party Advisory
- https://jvn.jp/en/jp/JVN24238648/index.htmlThird Party AdvisoryVDB Entry
FAQ
What is CVE-2017-2278?
CVE-2017-2278 is a vulnerability with a CVSS score of 5.9 (MEDIUM). The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle a...
How severe is CVE-2017-2278?
CVE-2017-2278 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2278?
Check the references section above for vendor advisories and patch information. Affected products include: Iid Rbb Speed Test, Google Android, Apple Iphone Os.